Fix-cache-control

.vscode/settings.json

@@ -0,0 +1,4 @@
+{
+    "debug.allowBreakpointsEverywhere": true,
+    "files.autoGuessEncoding": true
+}

internal/auth/bearer.go

@@ -54,6 +54,13 @@ func (ss *BearerSecurityScheme) GetHeaders() http.Header {
 		header.Set(AuthorizationHeader, fmt.Sprintf("%s %s", BearerPrefix, attackValue))
 	}
 
+	//add cache-control based on authorization
+	if ss.HasValidValue() {
+		header.Set("Cache-Control", "private, max-age=0")
+	} else {
+		header.Set("Cache-Control", "public, max-age=3600")
+	}
+
 	return header
 }
 

internal/auth/bearer_test.go

@@ -73,6 +73,7 @@ func TestBearerSecurityScheme_GetHeaders(t *testing.T) {
 
 	assert.Equal(t, http.Header{
 		"Authorization": []string{"Bearer xyz789"},
+		"Cache-Control": []string{"private, max-age=0"},
 	}, headers)
 }
 
@@ -85,6 +86,7 @@ func TestBearerSecurityScheme_GetHeaders_WhenNoAttackValue(t *testing.T) {
 
 	assert.Equal(t, http.Header{
 		"Authorization": []string{"Bearer abc123"},
+		"Cache-Control": []string{"private, max-age=0"},
 	}, headers)
 }
 
@@ -94,7 +96,9 @@ func TestBearerSecurityScheme_GetHeaders_WhenNoAttackAndValidValue(t *testing.T)
 
 	headers := ss.GetHeaders()
 
-	assert.Equal(t, http.Header{}, headers)
+	assert.Equal(t, http.Header{
+		"Cache-Control": []string{"public, max-age=3600"},
+	}, headers)
 }
 
 func TestBearerSecurityScheme_GetCookies(t *testing.T) {

internal/auth/jwt_bearer.go

@@ -68,6 +68,13 @@ func (ss *JWTBearerSecurityScheme) GetHeaders() http.Header {
 		header.Set(AuthorizationHeader, fmt.Sprintf("%s %s", BearerPrefix, attackValue))
 	}
 
+	//add cache-control based on authorization
+	if ss.HasValidValue() {
+		header.Set("Cache-Control", "private, max-age=0")
+	} else {
+		header.Set("Cache-Control", "public, max-age=3600")
+	}
+
 	return header
 }
 

internal/auth/jwt_bearer_test.go

@@ -87,6 +87,7 @@ func TestJWTBearerSecurityScheme_GetHeaders(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, http.Header{
 		"Authorization": []string{"Bearer xyz789"},
+		"Cache-Control": []string{"private, max-age=0"},
 	}, headers)
 }
 
@@ -100,6 +101,7 @@ func TestJWTBearerSecurityScheme_GetHeaders_WhenNoAttackValue(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, http.Header{
 		"Authorization": []string{"Bearer " + jwt.FakeJWT},
+		"Cache-Control": []string{"private, max-age=0"},
 	}, headers)
 }
 
@@ -110,7 +112,9 @@ func TestJWTBearerSecurityScheme_GetHeaders_WhenNoAttackAndValidValue(t *testing
 	headers := ss.GetHeaders()
 
 	assert.NoError(t, err)
-	assert.Equal(t, http.Header{}, headers)
+	assert.Equal(t, http.Header{
+		"Cache-Control": []string{"public, max-age=3600"},
+	}, headers)
 }
 
 func TestJWTBearerSecurityScheme_GetCookies(t *testing.T) {

internal/auth/oauth.go

@@ -83,6 +83,13 @@ func (ss *OAuthSecurityScheme) GetHeaders() http.Header {
 		header.Set(AuthorizationHeader, fmt.Sprintf("%s %s", BearerPrefix, attackValue))
 	}
 
+	//add cache-control based on authorization
+	if ss.HasValidValue() {
+		header.Set("Cache-Control", "private, max-age=0")
+	} else {
+		header.Set("Cache-Control", "public, max-age=3600")
+	}
+
 	return header
 }
 

internal/auth/oauth_test.go

@@ -91,6 +91,7 @@ func TestNewOAuthSecurityScheme_GetHeaders(t *testing.T) {
 
 	assert.Equal(t, http.Header{
 		"Authorization": []string{"Bearer xyz789"},
+		"Cache-Control": []string{"private, max-age=0"},
 	}, headers)
 }
 
@@ -104,6 +105,7 @@ func TestNewOAuthSecurityScheme_GetHeaders_WhenNoAttackValue(t *testing.T) {
 
 	assert.Equal(t, http.Header{
 		"Authorization": []string{"Bearer abc123"},
+		"Cache-Control": []string{"private, max-age=0"},
 	}, headers)
 }
 
@@ -113,7 +115,9 @@ func TestNewOAuthSecurityScheme_GetHeaders_WhenNoAttackAndValidValue(t *testing.
 
 	headers := ss.GetHeaders()
 
-	assert.Equal(t, http.Header{}, headers)
+	assert.Equal(t, http.Header{
+		"Cache-Control": []string{"public, max-age=3600"},
+	}, headers)
 }
 
 func TestNewOAuthSecurityScheme_GetCookies(t *testing.T) {